SIGS Kick Off
IT Security Strategy 2019 and beyond: Challenges & Priorities


Target Audience Information Security Professionals CIO’s, CISO, IT Manager, Security Engineers and all other persons who are responsible and interested in Security

Vendors, Suppliers and Consultants which don’t help to sponsor and therefore support this platform are not authorized to take part

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location Eventalm
Meienbreitenstrasse 9
8153 Rümlang

Shuttle service from the train station available

Date of Event 17th of January 2019
Language English
Schedule see agenda below
Participation Costs Fr. 95.— per participants
Speeches, Apéro, Dinner and all beverages included
Especially No contact details or email addresses will be provided to any sponsor. The presentations will not be published after the event – it’s a closed community!



1:00 – 2:00 pm Registration & Coffee
2:00 – 2:15 pm Welcome & Introduction by SIGS and the moderator of the day

Umberto Annino, Head Security Governance; ISACA Switzerland Chapter Education & Certification Coordinator, ISSS Information Security Society Switzerland – President

Umberto holds an advanced federal diploma of higher education in MIS/ICT. He has been working in ICT since 1992 and has experience in application and system development, project management and information security management & consulting.

Today, Umberto is Head of Security Governance at SIX Group, with a focus on information security and regulatory and legal cybersecurity requirements. He also works as a lecturer in information security, IT risk management and data protection, and acts on the board of the ISACA Switzerland Chapter as a training and certification coordinator and as president of the Information Security Society Switzerland.

2:15 – 2:45 pm Gerald Vernez, Delegate for Cyber Defence of the Swiss Ministry of Defence
Gerald Vernez studied geology, meteorology and security policy. He first started his carrier in the industry before joining the General Staff of the Swiss Armed Forces in 1996. After a central role in the preparation of the national staff for the management of the “Y2K” (the year 2000 problem), he planned the new command and control organization of the Swiss armed forces and later built up their information operations capabilities.

In 2009, he became chief of staff of the joint staff and in 2011 deputy director for the development of the National strategy for the protection of Switzerland against cyber risks. In 2013, he became the Delegate of the Chief of the armed forces for cyber defence and then led this area from 2015. Since 2017, he has been the Delegate for cyber defense of the Swiss Ministry of Defence. Gerald is a general staff colonel with numerous commanding and staff positions and is heavily involved in the security and defense policy debate through several Fora.

Reflections on the Challenges of Digitization for the Swiss Security Policy
Since the beginning of the 1980s, our society has experienced a rapid and radical revolution through the invasion of information and communication technologies (ICT), which we have irrevocably become dependent on. No one escapes this transformation and its consequences. What does this change mean for Switzerland’s security policy?

The presentation will propose a first approach on the essential elements of this equation and will explore beyond the classic but still dominant considerations of computer security. The shape of future conflicts for which our highly engineered society should prepare are also discussed. The cyber incidents known so far could only have been nice bites compared to what we might expect in the future.

2:45 – 3:30 pm Carsten Engelbrecht, CIO at Mettler-Toledo International Inc.
Heading IT in Mettler-Toledo globally for 3.5 years, Carsten Engelbrecht is looking back to 25 years of not only broad and deep SAP expertise. Starting with a SAP implementation in the manufacturing industry, Carsten joined IBM in 1996. Infrastructure, global SAP roll-outs and SAP operations in automotive and manufacturing industries became major points of interest.

With the beginning of 2001, a French consulting company became home for another 5 years, where he was driving the German SAP implementation business for Finance and SCM. After leading SCM business for the products industry in Accenture DACH as Partner, Carsten Engelbrecht joint Mettler-Toledo in 2015 to become Group CIO.

A Security Journey
With Mettler-Toledo becoming enlisted in the S&P 500 index, the security life of MT has changed. As much as MT went unnoticed to the public due to the nature of MT’s business, the success of this company put them into the spotlight of the bad boys.

The CIO Carsten Engelbrecht will share approaches, means and measures to keep their environment safe. The journey let the MT security team from a rather unspecified internal service to a service managed along KPIs and SLAs, using bot technology, looking into leveraging Security Operations Centers provided by 3rd parties, adhering to SOX compliance, while following the NIST framework.

Details to the IT Security Strategy for 2019 will complement the big picture. Regardless of size, MT would consider themselves as a company, which is facing more or less the same issues as any other company in the manufacturing space. The target is not only to protect the firm, but also helping employees to have a secure workplace.

3:30 – 4:15 pm Break
4:15 – 4:45 pm Philippe Vuilleumier, Head of Group Security / Chief Security Officer at Swisscom
Philippe Vuilleumier has worked at Swisscom for more than 10 years and assumed overall responsibility for Swisscom Security as Head of Group Security in September 2015. He was Head of Network & IT Operations at Swisscom Switzerland from 2008, before being appointed CEO of subsidiary Alphapay in 2013. His qualifications include a Master’s degree in Business Telecommunications from Delft University of Technology.

Prior to joining Swisscom, Philippe Vuilleumier held various management positions at Zurich Insurance Group, Equant and IBM.

Does security stop at the corporate border?
Information security, cybersecurity and data protection are important and closely related topics. Companies issue instructions, provide internal training and much more to promote and enforce safe and privacy-compliant behavior of their employees. In today’s highly interconnected world, cross-organizational measures have also to be introduced. But how can partners and suppliers be included in such efforts?

This is one of the key topics of Swisscom’s Group Security unit, which is responsible for protecting the company, its employees, infrastructure and data. We will be happy to share our priorities for 2019 and concrete examples on how we want to achieve our objectives.

4:45 – 5:15 pm Peter Merker, Head of Security at skyguide
Peter Merker can draw on nearly 2 decades of experience in security. He started his career in a global consultancy and contributed on a multitude of different security programs in the banking, consumer goods and pharmaceutical sector before joining a chemical manufacturing company where he created and lead their information security program.

Peter was asked to join skyguide, the Swiss air navigation services provider, a critical infrastructure component of the Swiss Federation, in 2016 to take over information security and accelerate their security maturity in light of a unique technology transformation program in the Air Traffic Management industry. Since July 2018 Peter was named Head of Security, overall responsible for information and physical security at skyguide.

Producing a sensible security strategy in a transforming industry
The aviation industry and especially the Air Traffic Management industry is transforming rapidly on a multitude of levels, especially in Europe to enable a Single European Sky. The way skyguide has chosen to transform changes their threat exposure dramatically over time and requires a rock-solid, yet balanced and simplistic security strategy.

Peter will talk about the challenges he’s expecting for 2019 and skyguide faces as the Swiss air navigation services provider amidst Europe, the corporate transformation program and how the security strategy fits into all of this.

5:15 – 5:45 pm Umberto Annino, Head Security Governance; ISACA Switzerland Chapter Education & Certification Coordinator, ISSS Information Security Society Switzerland – President
Information Security 2019 and beyond – urgent challenges and mid-term outlook
Why is security so hard – and where can we improve? Some experts claim that we do repeat the same topics in security for decades now. What is the underlying problem – is security a too complex topic, or what are we failing at? Is there room for improvement? What is the outlook for the next 2-3 years on the topic – things to expect, risks to control and attacks to foresee, and most important: what and how to prepare for what is coming in the next few years.

5:45 – 6:15 pm Podiums Discussion moderated by Umberto Annino
6:15 – 7:00 pm Apéro
7:00 – 8:30 pm Dinner (buffet with hopefully something for everyone)
8:30 – 9:00 pm Max Moser, Owner/Hacker and Senior Security Consultant at modzero ag
Max Moser has worked for many years in the field of IT Security. He has supported many national and international companies, public authorities and institutions to analyze and improve their security levels. He specializes in protocol analysis, research, and highly specific penetration testing of complex environments.

He is the CEO of modzero, a multi-unit company with 12 employees focusing solely on highly technical security analysis. modzero is supporting companies and corporations from various market sectors including telecommunications, pharmaceuticals, insurance, and banking.

He presented several research project results at well-known international security conferences and his expertise is well represented in national and international media.

Putting Backdoors into Doors
RFID-based access control systems are commonly used to prevent unauthorized access to protected facility areas. While security issues in RFID tokens are amply discussed publicly, the outdated subsystems and communication protocols of an access control system seldomly come up for discussion.

In his work at modzero, Max Moser analyzed a wide array of RFID-based access control systems for security issues. This talk shines a light on the strengths and weaknesses of such systems and which attack and protection methods proved successful.

9:00 – open end Dessert, Networking and Know How Sharing to the topic IT Security Strategy 2017


The Sponsors of this event are:​

















This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!

Cancellation Policy
Cancellations of registration are free of charge until 30 days before the event. Cancellations received beyond this point will incur 100% of the admission fee. You will get an invoice for the respective amount. In any case, however, a delegate may be sent at no additional costs.

Event Partner

Registration here!